WP-Safety

DW Picha Changelog Security & Risk Analysis

wordpress.org/plugins/dw-picha-changelog-lite

With this plugin, you can create a changelog for your product or software.

0 active installs v2.0 PHP 7.4+ WP 6.5+ Updated Dec 16, 2025
change-logchangelog
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is DW Picha Changelog Safe to Use in 2026?

Generally Safe

Score 100/100

DW Picha Changelog has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "dw-picha-changelog-lite" plugin version 2.0 exhibits a strong security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is commendable. Furthermore, the code demonstrates good practices by consistently using prepared statements for SQL, a high percentage of proper output escaping, and the presence of nonce and capability checks. The minimal attack surface, consisting of only one shortcode and no unprotected entry points, further enhances its security. The lack of any historical vulnerabilities, including CVEs, suggests a mature and well-maintained codebase.

While the current analysis reveals no critical or high-severity issues, and taint analysis shows no unsanitized paths, it's important to note that static analysis has limitations. The fact that only one shortcode is present means any potential vulnerability within it, if not properly secured, could still pose a risk, although the presence of a nonce and capability check mitigates this. The overall impression is a secure plugin, but ongoing vigilance and thorough code reviews are always recommended to ensure no subtle vulnerabilities are overlooked.

Key Concerns

  • Unescaped output percentage is low but not 100%
Vulnerabilities
None known

DW Picha Changelog Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

DW Picha Changelog Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
14
61 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

81% escaped75 total outputs
Attack Surface

DW Picha Changelog Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[dwpicha313_shortcode] inc\shortcode.php:7
WordPress Hooks 9
actionplugins_loadeddw-picha-changelog-lite.php:16
actionwp_enqueue_scriptsinc\enqueue.php:5
actionadmin_enqueue_scriptsinc\enqueue.php:8
actionadd_meta_boxesinc\metaboxes.php:7
actionsave_postinc\metaboxes.php:186
actioninitinc\posttype.php:5
filtermanage_dw_picha_changelog_posts_columnsinc\posttype.php:29
filtermanage_dw_picha_changelog_posts_custom_columninc\posttype.php:33
actioninitinc\shortcode.php:6
Maintenance & Trust

DW Picha Changelog Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedDec 16, 2025
PHP min version7.4
Downloads471

Community Trust

Rating100/100
Number of ratings1
Active installs0
Alternatives

DW Picha Changelog Alternatives

My WordPress Login Logo

My WordPress Login Logo

my-wp-login-logo

A
100

My WordPress Login Logo lets you to add a custom logo in your wordpress login page instead of the usual wordpress logo and customize your login page.

10K No CVEs
Change Username

Change Username

change-username

A
92

Change usernames of your WordPress users effectively.

4K No CVEs
My Wp Brand – Hide menu & Hide Plugin

My Wp Brand – Hide menu & Hide Plugin

my-wp-brand

A
98

This plugin gives the facility for hiding and showing plugins and the admin menu, it also gives the options to customize WordPress branding.

2K 2 CVEs
Change Login Page Logo

Change Login Page Logo

change-login-page-logo

A
92

A simple and easy way to change WordPress login logo, using Change Login Page Logo plugin you can change logo image, logo width, height and logo URL.

1K No CVEs
WP Theme Changelogs

WP Theme Changelogs

wp-theme-changelogs

A
85

Adding changelogs for themes hosted on wordpress.org by parsing their readme.txt

1K No CVEs
Developer Profile

DW Picha Changelog Developer Profile

Dango Web

2 plugins · 1K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect DW Picha Changelog

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dw-picha-changelog-lite/assets/theme.css/wp-content/plugins/dw-picha-changelog-lite/assets/admin.css/wp-content/plugins/dw-picha-changelog-lite/assets/admin.js/wp-content/plugins/dw-picha-changelog-lite/assets/jalalidatepicker.min.css/wp-content/plugins/dw-picha-changelog-lite/assets/jalalidatepicker.min.js
Script Paths
/wp-content/plugins/dw-picha-changelog-lite/assets/admin.js
Version Parameters
dw-picha-changelog-lite/assets/theme.css?ver=dw-picha-changelog-lite/assets/admin.css?ver=dw-picha-changelog-lite/assets/admin.js?ver=dw-picha-changelog-lite/assets/jalalidatepicker.min.css?ver=dw-picha-changelog-lite/assets/jalalidatepicker.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
dw-meta-optionsdw-box-headerdw-add-newdwp-box-listdwp-body-areadwp-boxdwp-headerdwp-info
Data Attributes
data-jdpdata-jdp-only-date
JS Globals
dwp
Shortcode Output
[dwpicha313_shortcode
FAQ

Frequently Asked Questions about DW Picha Changelog